HIPPA Rights
Fact Sheet
HIPAA: The Health Insurance Portability and Accountability Act of 1996
HIPAA gives you rights about who can look at and receive your medical records and health information.
Who must follow this law?
- Most doctors, nurses, pharmacies, hospitals, clinics, nursing homes, and many other health care providers
- Health insurance companies, HMOs, and most employer group health plans
- Certain government programs that pay for health care, such as Medicare and Medicaid
What information is protected?
- Information your doctors, nurses, and other health care providers put in your medical record
- Conversations your doctor has about your care or treatment with nurses and others
- Information about you in your health insurer’s computer system
- Billing information about you at your clinic
- Most other health information about you held by those who must follow this law
You have a right to:
- Ask to see and get a copy of your health records
- In most cases, you should receive copies within 30 days; you may have to pay for the cost of copying and mail in
- You may not have copies of your records when information in your file might endanger yourself or someone else of
- Ask that incorrect or incomplete information be removed or changed in your health records
- In most cases, your health records should be updated within 60 days
- Receive a notice that tells you how your health information may be used and shared
- Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing
- Get a report on when and why your health information was shared for certain purposes
- You can get this report for free once a year. In most cases you should get the report within 60 days, but it can take an extra 30 days if you are given a reason
- Ask to be contacted at different places or in a different way such as through your office or by mail
- Ask that your information not be shared with certain people, groups or companies However, your provider or health insurer does not have to agree to do what you ask
- File complaints if you believe your information was used or shared in a way that is not allowed by law or you were not allowed to exercise your rights
- Complaints can be filed with your provider or health insurer or the U.S. Government (Office of Civil Rights of the U.S. Department of Health and Human Services)
Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot:
- Give your information to your employer
- Use or share your information for marketing or advertising purposes
- Share private notes about your mental health counseling sessions
To make sure that your information is protected in a way that does not interfere with your health care, your information can be used and shared:
- For your treatment and care coordination
- To pay doctors and hospitals for your health care and help run their businesses
- With your family, relatives, friends or others you identify who are involved with your health care or your health care bills, unless you object
- To make sure doctors give good care and nursing homes are clean and safe
- To protect the public’s health, such as by reporting when the flu is in your area
- To make required reports to the police, such as reporting gunshot wounds
For more information about HIPAA please contact the following agencies:
- Centers for Medicare & Medicaid Services (877) 267-2323, http://www.cms.hhs.gov/hipaa/
- US Department of Health & Human Services, Office of Civil Rights: (800) 368-1019, http://www.hhs.gov/ocr/privacy
This publication provides legal information, but is not intended to be legal advice. The information was based on the law at the time it was written. As the law may change, please contact P&A for updates.
This publication is funded by the U.S. Department of Health and Human Services (Substance Abuse and Mental Health Services Administration and the Administration on Developmental Disabilities) and the US Department of Education (Rehabilitation Services Administration). It does not necessarily represent the official views of the funding authorities.
P&A does not discriminate on the basis of disability, race, color, creed, national origin, ethnicity, ancestry, citizenship, age, religion, sex or sexual orientation, veteran status or any other class protected by law in the provision of its programs or services. Pete Cantrell is P&A’s designated coordinator for Section 504 of the Rehabilitation Act of 1973 and the Americans with Disabilities Act. August 2015 General